Organizations aim to build a security architecture that is ready to counter any type of cyber threat. But when threat actors keep changing their model to disrupt businesses and infrastructure, organizations need to stay ahead in adopting emerging technology to outsmart cybercriminals. In this article, we delve into the changing landscape and the trends that will shape cybersecurity in 2022.
Do you remember how, back in the late 2000s, we were concerned about how computer viruses would affect our desktop machines and laptops? Then things took a turn when internet penetration increased. The Internet became a pathway to many high-profile scams and the biggest online attacks we have ever seen. In this age of IoT, security and privacy have become a major concern for users. As work from home has become more and more common for professionals around the globe, the number of threats is also on the rise.
RANSOMWARE – THE CAUSE OF PANIC
Ransomware is not a new term anymore, and has become a top global concern. The United States of America has announced the formation of a cybersecurity task force. It has also designated those who perpetrate ransomware attacks as terrorists, giving law enforcement agencies additional resources and stricter penalties when fighting cybercriminals. Even Interpol has raised the bar on combating ransomware. Other countries, including India, are doing the same.
According to the recent Global Threat Landscape Report from FortiGuard Labs, ransomware incidents have increased nearly 1100% over the past twelve months. And in a new global ransomware survey conducted by Fortinet, an astonishing 67% of organizations report having been a ransomware target — with nearly half saying they had been targeted more than once and almost one in six saying they had been attacked three or more times.
The pandemic we are facing today has forced the perimeter of every organization to become more fragmented. This has led many organizations to transition from a simple cloud to a multi-cloud or hybrid model. This cloud-based functioning has created a perfect environment for cybercriminals to orchestrate attacks of an unprecedented nature. To counter these kinds of attacks, organizations that adopt the ‘Fabric approach’ can benefit from an integrated security platform that secures all assets on-premises, in the data center, and in the cloud or at the edge of the perimeter.
As technology advances at an exponential rate, organizations will need to plan ahead by leveraging emerging technologies such as Artificial Intelligence (AI) and Machine Learning (ML) to speed up threat prevention, detection, and response. By using advanced endpoint technologies such as endpoint detection and response (EDR), organizations will be able to identify malicious threats based on behavior.
In addition, zero-trust network access (ZTNA) will be critical for securing access to an organization’s internal applications and for extending protections to mobile workers and learners. Segmentation will remain a foundational strategy to restrict the lateral movement of cyber criminals inside a network. These cyber-attacks are happening at great speed, and that speed keeps growing as we speak. Hence, keeping breaches restricted to a smaller portion of the network looks feasible. Moreover, actionable and integrated threat intelligence can improve an organization’s ability to defend in real time.
According to Chester Wisniewski, Principal Research Scientist at Sophos, many organizations have indeed turned to more of a zero-trust approach rather than trusting remote users to access the whole LAN over a VPN. Zero-trust network access solutions limit the resources available to remote employees, so that there is no unrestricted access to the organization’s resources if a remote employee’s system gets compromised. Cloud-managed software updates and security solutions also provide visibility into the security status of remote employees and ensure they stay patched and in a secure state.
“Globally in 2021, 1 out of every 61 organisations was being impacted by ransomware each week. Despite the continued efforts of law enforcement to limit and stop the ransomware attacks globally, there has been no decrease in the attacks. Threat actors will target companies that can afford to pay a ransom, and ransomware attacks will become more sophisticated in 2022,” said Sundar Balasubramanian, Managing Director, India and SAARC, Check Point Software Technologies.
Mr. Sundar elaborates further, “Since supply chain attackers can take advantage of a lack of monitoring within an organization’s environment. It can be used to perform any type of cyber-attack, such as data breaches and malware infections. In 2021 the SolarWinds supply chain attack became famous due to its scale and influence, but there have been other supply chain attacks as well such as Codecov and Kaseya.” The REvil ransomware gang exploited a zero-day vulnerability in Kaseya that compromised the company’s VSA product and affected more than 1,000 customers with the ransomware. The group demanded a ransom of USD 70 million to provide decryption keys for all affected customers.
SOCIAL ENGINEERING ATTACK
Social engineering attacks have become a major threat across the globe. In recent times there was a social engineering attack on Iranian citizens that stole billions of Rial from them. A social engineering attack works by motivating or psychologically manipulating users into making security mistakes or unknowingly leaking secret information.
Earlier, attackers used subjects that were in the news as social engineering lures. But as more and more people became aware of the hacks, attackers are finding new ways to execute their attacks. From opportunistic phishers to scheming nation-state actors, cyber adversaries have found multiple ways to exploit networks, and the global pandemic has favoured them at an enormous scale. This includes phishing and business email compromise schemes, nation-state-backed campaigns, and ransomware attacks. The attackers worked to take maximum advantage of the global nature of the pandemic, which affected everyone around the world. On top of that, they also got an expanded digital attack surface as office-goers were forced to work from home. According to Kartik Shahani, Country Manager, Tenable India, phishing attacks are at an all-time high. These kinds of attacks were the most common attack vector that cyber criminals used in 2021.
WORK FROM HOME
For attackers, the shift to remote work was an unprecedented opportunity to target unsuspecting individuals in multiple ways. For example, web-based malware used in phishing campaigns outranked the more traditional email delivery vector earlier this year. This demonstrates that cyber criminals attempt to time their attacks for when individuals are at their most vulnerable and gullible, i.e. browsing the Internet at home. Web browsers, not just devices, were also a prime target as cyber criminals went after remote workers during the pandemic.
“In the first half of 2020, exploit attempts against several consumer-grade routers and IoT devices were at the top of the list for IPS detections. In addition, Mirai and Ghost dominated the most prevalent botnet detections, driven by an apparent growing interest of attackers targeting old and new vulnerabilities in the IoT landscape. These trends are noteworthy because they demonstrate how the network perimeter has extended to the home with cyber criminals seeking to gain a foothold in enterprise networks by exploiting devices that remote workers might use to connect to their organizations’ networks,” said Rajesh Maurya, Regional Vice President, India & SAARC, Fortinet.
Commenting on the technologies to counter the growing cyber threats, Mr. Maurya said, “FortiGuard Labs had predicted that AI will begin to be leveraged by cyber criminals to enhance their malicious activities. Artificial Intelligence (AI) is already used defensively to detect unusual IoT behaviour that may indicate an attack, usually by botnets. And now, cyberattackers are leveraging AI to thwart the complicated algorithms used to detect that abnormal activity.”
Deepfakes are a growing concern for organisations and government agencies as well, as they leverage AI to mimic human activities and can be used to enhance social engineering attacks. One such AI-based system is GPT-3 (Generative Pre-trained Transformer), which uses deep language learning to produce convincing emails. With it, attackers can leverage hijacked emails by compromising mail servers or running man-in-the-middle attacks to generate emails and email replies that mimic the writing style, word choice, and tone of the person being impersonated, such as a manager or executive, even making references to previous correspondence.
Writing is just the start. There are already software tools designed to clone someone’s voice, with others in development. A vocal fingerprint of someone can be created using just a few seconds of audio and then used to generate arbitrary speech in real time. Elaborating on how vocal fingerprinting is still in initial development, Mr. Maurya suggested, “This type of AI-enabled deep-fake will become problematic. As a central processing unit (CPU) or graphics processing unit (GPU) performance becomes more powerful (and cheaper). The bar to creating these deepfakes will also be lowered through the commercialization of advanced applications. These could eventually lead to real-time impersonations over voice and video applications that could pass biometric analysis. The possibilities are endless, including the elimination of voiceprints as a form of authentication.”
An open-source tool called Counterfit has just been released to pen test AI systems such as face recognition, image recognition, and fraud detection, to ensure that the algorithms being used are trustworthy.
SECURING THE ROAD AHEAD
In the near future, supply chain attacks will become more common, and governments will begin to establish regulations to address these attacks and protect networks. Governments will also look into collaborating with the private sector as well as with other countries. This will help them identify and target more threat groups operating on a global and regional scale.
No IT solution is completely robust, and there may be some vulnerabilities. On how organizations can prepare for such zero-day vulnerability exploits, Mr. Sundar Balasubramanian said, “A unified security platform is essential to preventing zero-day attacks. A single solution with visibility and control across an organization’s entire IT ecosystem has the context and insight required to identify a distributed cyberattack. Additionally, the ability to perform coordinated, automated responses across an organization’s entire infrastructure is essential to preventing fast-paced zero-day attack campaigns.”
Experts suggest that organisations across all sectors must partner and share data. This would enable a more effective response against any future attacks and help organisations predict future techniques to deter adversary efforts. Additionally, aligning forces through collaboration should remain a priority for organizations, so that they can disrupt cybercriminal supply chain efforts before the attackers attempt to exploit them.
“In 2021, ransomware-as-a-service (RaaS) emerged as the biggest threat, making organizations cautious. In 2022, RaaS operators will become more selective about their targets, weighing whether the risk of getting caught is worth the reward. So far, we’ve seen organizations trying to outsmart cybercriminals,” said Kartik Shahani, Country Manager of Tenable India. He further said, “What we really need is a more nuanced approach to tackle the problem and prevent these attacks from being worthwhile. Organizations will have to focus their efforts on staying one step ahead and making it more expensive for cybercriminals to perpetrate attacks. If the reward is lower than the risk, threat actors can be dissuaded from launching cyber attacks.”
Mr. Shahani predicts that in 2022, cybercriminals will continue to leverage vulnerabilities arising out of remote work because all it takes is one employee to fall prey to phishing emails to compromise the corporate network.
It’s true that online attacks have increased in number and will keep increasing as time passes. In future, hackers will leverage newer technology to attack enterprises and organizations, and we might see social engineering attacks increasing. As new enterprises grow and enhance their network security, it has become more difficult for attackers to do their task. But as we live in one connected world, enterprises should come together as one entity and fight against these malicious elements.
References: FortiGuard’s Cyber Threat Predictions for 2022